SoylentNews is people
SoylentNews
Submitted via IRC for Bytram
Microsoft has patched flaws that attackers could exploit to compromise all Azure Red Hat Enterprise Linux (RHEL) instances.
Software engineer Ian Duffy found the flaws while building a secure RHEL image for Microsoft Azure. [...] Duffy says all Azure RHEL images are configured without GPG validation checks meaning all would accept malicious package updates on their next run of yum updates.
[...] Duffy found another vulnerability within the mandatory Microsoft Azure Linux Agent (WaLinuxAgent) which exposed API keys for debugging purposes.
[...] Duffy says he was paid less than US$3500 for the vulnerability disclosures under Microsoft's bug bounty but did not name a precise figure.
Source: The Register
This discussion has been archived.
No new comments can be posted.
Microsoft Update Servers Left All Azure RHEL Instances Hackable
|
Log In/Create an Account
| Top
| 17 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
TOO BAD YOU CAN'T BUY a voodoo globe so that you could make the earth spin
real fast and freak everybody out.
-- Jack Handey, The New Mexican, 1988.
(Score: 2) by jcross on Tuesday November 29 2016, @07:23PM
Yeah, I think you're probably right and in this case it's easy enough to presume incompetence rather than malice. A string of incidents like this could land them in hot water though, I'm just pointing out that they could stand to be a bit more cautious.